Author Topic: NSM 2010, Can't import configuration from device  (Read 5237 times)

shupup

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
NSM 2010, Can't import configuration from device
« on: April 07, 2010, 04:20:53 am »
Hi,

We have 2 NSM, 2007r3 and 2010.
The 2010 works without any problem.
The problem is that when I try to add device (SSG running ScreenOS 6.3r3) to the 2010 NSM, the NSM "succsessfully" add the device, but at the end it write me: "Device could not connect to NSM...".

I've looked at the log of the SSG and I see this message every minute:
"NSM: Cannot connect to NSM server at 10.100.100.101. Reason: 6, disconnected by peer (read == 0) (3 connect attempt(s))"

In the NSM logfile (/usr/netscreen/DevSvr/var/errorLog/deviceDaemon.0) I see (every minute):

"[04/07/2010 10:50:27.991] [Error] [1119936-nsRSA.c:189] RSA invalid header
[04/07/2010 10:50:27.991] [Error] [1119936-nsCryptoMTMPlug.c:1403] Could not verify connect message!
[04/07/2010 10:50:27.991] [Error] [1119936-nsCryptoMTMPlug.c:2203] nsCryptoMTMPlugServerRecv_S1() failed
[04/07/2010 10:50:27.991] [Warning] [1119936-nthConnPlug.c:374] NTHCONN: SSP device 172.16.2.102 (domainId 1, deviceId 32): denied connection due to key exchange failure
[04/07/2010 10:50:27.991] [Notice] [1119936-sessionPlug.c:3581] session returns NETPLUG_SEND_DISCONNECTED"

It seems there is a mismatch between the SSH of the SSG and the NSM (although the NSM were able to connect via ssh to the SSG).
I tried to delete the nsm keys from the SSG, and reset the known_hosts files at the NSM, but still the same proble.

I will appreate any help!.

Dayan Shay.



trotro

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: NSM 2010, Can't import configuration from device
« Reply #1 on: April 15, 2010, 07:26:57 am »
Just an idea because I had same problem : some special caracters in password could not been understood by NSM
If you have special caracters just try to change and put a easy password to see if this resolv the problem
It"s just an idea... I'm not sure this is your problem

shupup

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: NSM 2010, Can't import configuration from device
« Reply #2 on: April 15, 2010, 07:49:08 am »
After some support we found out the problem.
We are tring to monitor a SSG, which doesn't support FIPS.

Simply disable the FIPS from the configuration file in the NSM.